A remote stack-based buffer overflow exists in freshclam, the ClamAV signature-update utility. freshclam does not bound the length of the HTTP headers it reads from the update server, so a server that returns more than 8 KB of header data overflows a fixed-size stack buffer. An attacker who controls, or can impersonate, the server that freshclam contacts can send a specially crafted response to crash the utility (denial of service) or potentially execute arbitrary code, resulting in a loss of integrity or availability for the service.
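The following C program is an added illustration of the bug class described above; it is not freshclam's source, and the 8 KB buffer, the 1 KB per-line cap, the function names and the constructed server responses are all assumptions made for the example. It shows the unsafe pattern (append every header byte to a fixed stack buffer with no bound check) next to a bounded reader that refuses a header block that would not fit.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed limits: an 8 KB stack buffer for the header block (the size the
 * description says an over-long response exceeds) and a per-line cap that
 * is this example's own addition, not something the advisory states. */
#define HDR_BUF_SIZE 8192
#define MAX_LINE     1024

/* Return codes for safe_collect_headers(). */
enum { HDR_OK = 0, HDR_TOO_LARGE = -1, HDR_LINE_TOO_LONG = -2, HDR_INCOMPLETE = -3 };

/* Vulnerable shape (illustrative, not freshclam's real code): bytes are
 * appended to a fixed-size stack buffer until the blank line that ends the
 * headers, with no check that `used` stays inside the buffer. A server that
 * sends more than HDR_BUF_SIZE bytes of headers writes past hdrs[]. It is
 * only called here with a small response; an oversized one is undefined
 * behaviour. */
static size_t unsafe_collect_headers(const char *resp, size_t resp_len)
{
    char hdrs[HDR_BUF_SIZE];
    size_t used = 0;
    for (size_t i = 0; i < resp_len; i++) {
        hdrs[used++] = resp[i];             /* no bound check on used */
        if (used >= 4 && memcmp(hdrs + used - 4, "\r\n\r\n", 4) == 0)
            break;
    }
    return used;
}

/* Hardened version: the caller passes the buffer and its size, the copy
 * never exceeds it (keeping room for a NUL), and any single line longer
 * than MAX_LINE is rejected. On HDR_OK, *hdr_len is the byte count copied,
 * including the terminating blank line. */
static int safe_collect_headers(const char *resp, size_t resp_len,
                                char *out, size_t outsz, size_t *hdr_len)
{
    size_t used = 0, line_start = 0;
    for (size_t i = 0; i < resp_len; i++) {
        if (used + 1 >= outsz)
            return HDR_TOO_LARGE;
        if (i - line_start >= MAX_LINE)
            return HDR_LINE_TOO_LONG;
        out[used++] = resp[i];
        if (resp[i] == '\n') {
            size_t line_len = i - line_start;        /* excludes '\n' */
            int blank = line_len == 0 ||
                        (line_len == 1 && resp[line_start] == '\r');
            line_start = i + 1;
            if (blank) {                             /* end of header block */
                out[used] = '\0';
                *hdr_len = used;
                return HDR_OK;
            }
        }
    }
    return HDR_INCOMPLETE;
}

/* Constructed server response: status line, n_lines padding headers of
 * roughly 110 bytes each, then the blank line and a short body. */
static size_t build_response(char *buf, size_t bufsz, size_t n_lines)
{
    char pad[101];
    memset(pad, 'a', 100);
    pad[100] = '\0';
    size_t n = (size_t)snprintf(buf, bufsz, "HTTP/1.1 200 OK\r\n");
    for (size_t k = 0; k < n_lines && n + 120 < bufsz; k++)
        n += (size_t)snprintf(buf + n, bufsz - n, "X-Pad-%zu: %s\r\n", k, pad);
    n += (size_t)snprintf(buf + n, bufsz - n, "\r\nbody\n");
    return n;
}

/* Runs the hardened reader over a response carrying n_lines headers. */
static int check_response(size_t n_lines)
{
    static char resp[65536];
    char hdrs[HDR_BUF_SIZE];
    size_t hdr_len = 0;
    size_t len = build_response(resp, sizeof resp, n_lines);
    return safe_collect_headers(resp, len, hdrs, sizeof hdrs, &hdr_len);
}

/* One 1500-byte header line: small total, but over the per-line cap. */
static int check_long_line(void)
{
    static char resp[2048];
    char hdrs[HDR_BUF_SIZE];
    size_t hdr_len = 0;
    size_t n = (size_t)snprintf(resp, sizeof resp, "HTTP/1.1 200 OK\r\nX-Long: ");
    memset(resp + n, 'b', 1500);
    n += 1500;
    memcpy(resp + n, "\r\n\r\n", 4);
    n += 4;
    return safe_collect_headers(resp, n, hdrs, sizeof hdrs, &hdr_len);
}

/* On a benign 10-line response both readers report the same header length. */
static int unsafe_matches_safe(void)
{
    static char resp[65536];
    char hdrs[HDR_BUF_SIZE];
    size_t hdr_len = 0;
    size_t len = build_response(resp, sizeof resp, 10);
    if (safe_collect_headers(resp, len, hdrs, sizeof hdrs, &hdr_len) != HDR_OK)
        return 0;
    return unsafe_collect_headers(resp, len) == hdr_len;
}

int main(void)
{
    printf("10 header lines   : %d (0 = accepted)\n", check_response(10));
    printf("100 header lines  : %d (-1 = rejected, block too large)\n", check_response(100));
    printf("one 1500-byte line: %d (-2 = rejected, line too long)\n", check_long_line());
    return 0;
}
```

The 100-line response is about 11 KB of headers, so the bounded reader returns HDR_TOO_LARGE before the blank line is ever reached; the same input would run the unsafe reader roughly 3 KB past the end of its stack buffer. The per-line cap is a second, independent guard: a single huge header line is refused even when the overall block would fit.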
Classification
Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software
Solution
Upgrade to version 0.88.2 or higher, which has been reported to fix this vulnerability. No workaround is known, so upgrading is required.